On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
> ok, so we need to continue the code below and set the option in every
> tls-offloaded application - intention of this thread was maybe get this
> transparent which seems not to be possible
It is "technically" possible, but not wise IMHO.
Making every httpd module/CGI/app think the local connection is https
could lead to things like "; Secure" cookies sent on the (clear) wire,
and that option would be accompanied with so much warnings ("unless
you're really on the same switch, but even that...") that it'd be hard
to defend (endlessly?).
>
> if(!empty($cms_tls_offload))
> {
> $_SERVER['REQUEST_SCHEME'] = 'https';
> $_SERVER['HTTPS'] = 'on';
> }
Your choice ;)
